processing-stix-taxii-feeds
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted threat intelligence data from external TAXII servers, which constitutes an indirect prompt injection surface. \n
- Ingestion points:
scripts/agent.pyfetches STIX bundles from remote URLs provided by the user. \n - Boundary markers: Absent; the skill categorizes and prints intelligence data as plain text. \n
- Capability inventory: Network read/write capabilities are used to interact with TAXII servers. \n
- Sanitization: While the
stix2library is used for schema validation, it does not sanitize against malicious natural language instructions embedded in STIX fields. \n- [DATA_EXFILTRATION]: Thescripts/agent.pyscript performs network operations to non-whitelisted, user-provided TAXII server endpoints.
Audit Metadata